From 4e75a2f3d47fcb4101ad6c63743e4262538a944a Mon Sep 17 00:00:00 2001
From: Miod Vallat
Date: Thu, 14 Mar 2002 00:42:26 +0000
Subject: Turn the ptrace(2) syscall into a kernel compile option, option PTRACE in your kernel configuration file. By default, GENERIC will enable this. When PTRACE is not enabled, several ptrace-like features of the procfs filesystem will be disabled as well (namely, the ability to read and write any process' registers, as well as attching, single stepping and detaching to/from processes). This should help paranoid people build better sandboxens, and us to build smaller ramdisks.
---
 sys/kern/syscalls.master | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'sys/kern/syscalls.master')
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 9a9a5e90afa..b03342790bd 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -1,4 +1,4 @@
-; $OpenBSD: syscalls.master,v 1.48 2002/02/22 20:37:45 drahn Exp $
+; $OpenBSD: syscalls.master,v 1.49 2002/03/14 00:42:25 miod Exp $
 ; $NetBSD: syscalls.master,v 1.32 1996/04/23 10:24:21 mycroft Exp $
 ; @(#)syscalls.master 8.2 (Berkeley) 1/13/94
 
@@ -81,8 +81,12 @@
 23 STD { int sys_setuid(uid_t uid); }
 24 STD { uid_t sys_getuid(void); }
 25 STD { uid_t sys_geteuid(void); }
+#ifdef PTRACE
 26 STD { int sys_ptrace(int req, pid_t pid, caddr_t addr, \
 int data); }
+#else
+26 UNIMPL ptrace
+#endif
 27 STD { ssize_t sys_recvmsg(int s, struct msghdr *msg, \
 int flags); }
 28 STD { ssize_t sys_sendmsg(int s, \
-- 
cgit v1.2.3
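Review bot: The conditional around slot 26 in the second hunk has no comment, so a reader of the table cannot tell that `PTRACE` is a kernel configuration option or what happens to the slot without it. I would add a line above the `#ifdef`, for example `; ptrace(2) is only built with "option PTRACE"; otherwise slot 26 stays reserved as UNIMPL`. Keeping the number reserved in the `#else` branch rather than dropping the entry is the right choice, because slot 26 then cannot be reused by another call and a kernel without the option should reject ptrace instead of dispatching elsewhere. This view is limited to syscalls.master, so it is worth confirming that any other syscall table that points at `sys_ptrace` (the emulation tables, if they do) carries the same guard. Otherwise a kernel built without the option would presumably either fail to link or still expose the call through that path. The procfs restrictions the description mentions are likewise not visible here.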